diff options
author | jessib <jessib@riseup.net> | 2013-12-31 12:16:43 -0800 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2013-12-31 12:16:43 -0800 |
commit | 47d9b62913789358aefe769de6b7e33da8547891 (patch) | |
tree | 20f9bf0f60b3a45209b94850c62245646d11c79c | |
parent | fe3e374daa274a38723da52d929805b80f7ef383 (diff) |
Add authentication to API, but not sure it is best way.
-rw-r--r-- | users/app/controllers/v1/messages_controller.rb | 2 | ||||
-rw-r--r-- | users/test/functional/v1/messages_controller_test.rb | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb index 42a88f7..b58dfe9 100644 --- a/users/app/controllers/v1/messages_controller.rb +++ b/users/app/controllers/v1/messages_controller.rb @@ -1,7 +1,7 @@ module V1 class MessagesController < ApplicationController - # TODO need to add authentication + before_filter :authorize_admin # not sure this is best way respond_to :json # for now, will not pass unseen, so unseen will always be true diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb index 7666ba3..0bc09be 100644 --- a/users/test/functional/v1/messages_controller_test.rb +++ b/users/test/functional/v1/messages_controller_test.rb @@ -2,14 +2,13 @@ require 'test_helper' class V1::MessagesControllerTest < ActionController::TestCase - #TODO ensure authentication for all tests here - setup do @message = Message.new(:text => 'a test message') @message.save @user = FactoryGirl.build(:user) @user.message_ids_to_see << @message.id @user.save + login :is_admin? => true end teardown do @@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase assert_json_response false end + test "fails if not admin" do + login :is_admin? => false + get :user_messages, :user_id => @user.id + assert_access_denied + end + end |